Python is a Turing complete programming language.
To offer a Python interface for users in web context is a potential security risk.
Web frameworks and Content Management Systems (CMS) want to offer their users as much extensibility as possible through the web (TTW).
This also means to have permissions to add functionality via a Python Script.

There should be additional preventive measures taken to ensure integrity of the application and the server itself, according to information security best practice and unrelated to Restricted Python.

RestrictedPython defines a safe subset of the Python programming language.
This is a common approach for securing a programming language.
The Ada Ravenscar profile is another example of such an approach.

Defining a secure subset of the language involves restricting the EBNF elements and explicitly allowing or disallowing language features.
Much of the power of a programming language derives from its standard and contributed libraries, so any calling of these methods must also be checked and potentially restricted.
RestrictedPython generally disallows calls to any library that is not explicit whitelisted.

As Python is a scripting language that is executed by an interpreter.
Any Python code that should be executed have to be explicit checked before executing a generated byte code by the interpreter.

The definition of the compile() method has changed over time, but its relevant parameters source and mode still remain.

There are three valid string values for mode:

'exec'

'eval'

'single'

For RestrictedPython this compile() method is replaced by:

compile_restricted(source,filename,mode[,flags[,dont_inherit]])

The primary parameter source has to be a ASCII or unicode string (With Python 2.6 an additional option for source was added: ast.AST for Code generation).
Both methods either returns compiled byte code that the interpreter could execute or raise exceptions if the provided source code is invalid.

As compile and compile_restricted just compile the provided source code to byte code it is not sufficient to sandbox the environment, as all calls to libraries are still available.

The two methods / Statements:

exec / exec()

eval / eval()

have two parameters:

globals

locals

which are a reference to the Python builtins.

By modifying and restricting the available modules, methods and constants from globals and locals we could limit the possible calls.

Additionally RestrictedPython offers a way to define a policy which allows developers to protect access to attributes.
This works by defining a restricted version of:

print

getattr

setattr

import

Also RestrictedPython provides three predefined, limited versions of Python’s own __builtins__: